package main
import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"path/filepath"

	auth "imuslab.com/arozos/mod/auth"
	fs "imuslab.com/arozos/mod/filesystem"
	"imuslab.com/arozos/mod/utils"
)
/*
Password Reset Module
This module serves the password reset page and performs the reset key security checks
*/
// system_resetpw_init registers the password reset API endpoints on the
// default HTTP serve mux.
//
// Both handlers are attached with plain http.HandleFunc, so no authentication
// or throttling wrapper is applied at registration time.
// NOTE(review): confirm whether request rate limiting for these two
// unauthenticated endpoints is enforced somewhere outside this file.
func system_resetpw_init() {
	endpoints := []struct {
		pattern string
		handler func(http.ResponseWriter, *http.Request)
	}{
		{"/system/reset/validateResetKey", system_resetpw_validateResetKeyHandler},
		{"/system/reset/confirmPasswordReset", system_resetpw_confirmReset},
	}
	for _, ep := range endpoints {
		http.HandleFunc(ep.pattern, ep.handler)
	}
}
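// system_resetpw_validateResetKeyHandler reports whether the POSTed
// "username" and "rkey" pair is currently accepted as a password reset key.
// It replies with utils.SendOK on success and utils.SendErrorResponse
// otherwise.
//
// The handler performs no session check of its own, so it must not tell a
// caller why a pair was rejected: every validation failure is answered with
// the same generic message, and the underlying error (database lookup failure
// versus key mismatch) is written to the server log only. Returning the raw
// error text would let a caller distinguish existing accounts from missing
// ones.
func system_resetpw_validateResetKeyHandler(w http.ResponseWriter, r *http.Request) {
	const genericFailure = "Invalid username or key"

	username, err := utils.PostPara(r, "username")
	if err != nil {
		utils.SendErrorResponse(w, genericFailure)
		return
	}

	rkey, err := utils.PostPara(r, "rkey")
	if err != nil {
		utils.SendErrorResponse(w, genericFailure)
		return
	}

	if username == "" || rkey == "" {
		utils.SendErrorResponse(w, "Invalid username or rkey")
		return
	}

	// Check if the pair is valid. The key itself is never logged; the
	// username is quoted with %q because it is untrusted request data.
	if err := system_resetpw_validateResetKey(username, rkey); err != nil {
		log.Printf("[resetpw] reset key validation failed for user %q: %v", username, err)
		utils.SendErrorResponse(w, genericFailure)
		return
	}

	utils.SendOK(w)
}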
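// system_resetpw_confirmReset completes a password reset. It expects the POST
// fields "username", "rkey" and "pw", re-validates the reset key, and then
// stores the hash of the new password under "passhash/<username>" in the
// "auth" table.
//
// Unknown usernames and rejected keys receive the same generic reply so the
// endpoint cannot be used to tell which accounts exist; the specific reason
// and any database error text are written to the server log instead of the
// response.
//
// NOTE(review): no length or complexity check on the new password is visible
// in this handler, and nothing here ends sessions that were opened with the
// old password — confirm whether either is handled elsewhere.
func system_resetpw_confirmReset(w http.ResponseWriter, r *http.Request) {
	const genericFailure = "Invalid username or key"

	// PostPara errors are not inspected; the empty-value check below is what
	// rejects incomplete requests (assumes PostPara yields "" on error —
	// TODO confirm).
	username, _ := utils.PostPara(r, "username")
	rkey, _ := utils.PostPara(r, "rkey")
	newpw, _ := utils.PostPara(r, "pw")
	if username == "" || rkey == "" || newpw == "" {
		utils.SendErrorResponse(w, "Internal Server Error")
		return
	}

	// Check user exists
	if !authAgent.UserExists(username) {
		log.Printf("[resetpw] password reset requested for unknown user %q", username)
		utils.SendErrorResponse(w, genericFailure)
		return
	}

	// Validate rkey again: the earlier validateResetKey call was a separate
	// request and proves nothing about this one.
	if err := system_resetpw_validateResetKey(username, rkey); err != nil {
		log.Printf("[resetpw] password reset rejected for user %q: %v", username, err)
		utils.SendErrorResponse(w, genericFailure)
		return
	}

	// OK to proceed. Overwriting the stored hash also stops the reset key
	// from validating again, because the key is checked against this record.
	newHashedPassword := auth.Hash(newpw)
	if err := sysdb.Write("auth", "passhash/"+username, newHashedPassword); err != nil {
		log.Printf("[resetpw] unable to store new password hash for user %q: %v", username, err)
		utils.SendErrorResponse(w, "Internal Server Error")
		return
	}

	utils.SendOK(w)
}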
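// system_resetpw_validateResetKey checks a password reset key for username.
//
// The key is hashed with auth.Hash and compared against the value stored
// under "passhash/<username>" in the "auth" table, which is the same record
// system_resetpw_confirmReset overwrites with the new password hash. In other
// words, any value whose hash equals the stored password hash is accepted
// here.
//
// It returns the database error unchanged when the record cannot be read, an
// "Invalid Password Reset Key" error on mismatch, and nil on match. Callers
// that face unauthenticated clients should not forward the returned error
// text, since the two failure modes differ.
//
// NOTE(review): because this compares against the live password hash, the
// endpoints built on it act as a username/password check outside the login
// handler; confirm that any login throttling or lockout also covers them.
// The strength of auth.Hash (salting, work factor) is not visible here.
func system_resetpw_validateResetKey(username string, key string) error {
	// Get current password hash from db
	passwordInDB := ""
	if err := sysdb.Read("auth", "passhash/"+username, &passwordInDB); err != nil {
		return err
	}

	// Hash the supplied key and compare in constant time so the comparison
	// duration does not depend on how many leading bytes match.
	hashedKey := auth.Hash(key)
	if subtle.ConstantTimeCompare([]byte(passwordInDB), []byte(hashedKey)) != 1 {
		return errors.New("Invalid Password Reset Key")
	}

	return nil
}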
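// system_resetpw_handlePasswordReset serves the password reset page.
//
// When the request carries no "acc" or no "rkey" query parameter, the page
// that asks for the account and reset key is served instead. When both are
// present they are validated, and on success the "enter new password" page is
// rendered with the username and reset key embedded in it.
//
// A template load failure is answered with HTTP 500 and logged. It must not
// terminate the process: log.Fatal inside a request handler would let one
// missing or unreadable template file take the whole server down.
//
// NOTE(review): the reset key arrives in the URL query string, so it can end
// up in access logs, proxy logs and browser history. The response therefore
// disables caching and referrer forwarding; treating issued keys as
// short-lived is still advisable.
// NOTE(review): "username" and "rkey" are request values placed into the
// template; confirm that utils.Templateload HTML-escapes substituted values.
func system_resetpw_handlePasswordReset(w http.ResponseWriter, r *http.Request) {
	// Check if the user clicked on this link with a reset password key
	// string. If not, ask the user to input one.
	acc, err := utils.GetPara(r, "acc")
	if err != nil || acc == "" {
		system_resetpw_serveIdEnterInterface(w, r)
		return
	}

	resetkey, err := utils.GetPara(r, "rkey")
	if err != nil || resetkey == "" {
		system_resetpw_serveIdEnterInterface(w, r)
		return
	}

	// Check if the code is valid. The reply is deliberately generic.
	if err := system_resetpw_validateResetKey(acc, resetkey); err != nil {
		utils.SendErrorResponse(w, "Invalid username or resetKey")
		return
	}

	// OK. Create the New Password Entering UI
	vendorIconSrc := filepath.Join(vendorResRoot, "vendor_icon.png")
	if !fs.FileExists(vendorIconSrc) {
		vendorIconSrc = "./app/img/public/vendor_icon.png"
	}

	// Best effort: a missing logo only leaves the image empty on the page.
	imageBase64, _ := utils.LoadImageAsBase64(vendorIconSrc)
	page, err := utils.Templateload("system/reset/resetPasswordTemplate.html", map[string]interface{}{
		"vendor_logo": imageBase64,
		"host_name":   *host_name,
		"username":    acc,
		"rkey":        resetkey,
	})
	if err != nil {
		log.Println("[resetpw] unable to load reset password template:", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	// The page and its URL both contain the reset key: keep it out of caches
	// and out of Referer headers sent for resources the page loads.
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("Referrer-Policy", "no-referrer")
	w.Header().Set("Content-Type", "text/html; charset=UTF-8")
	w.Write([]byte(page))
}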
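// system_resetpw_serveIdEnterInterface serves the page on which the user
// enters an account name and reset key. It is used when the reset link was
// opened without those parameters.
//
// A template load failure is answered with HTTP 500 and logged rather than
// passed to log.Fatal, which would stop the whole server from inside a
// request handler.
func system_resetpw_serveIdEnterInterface(w http.ResponseWriter, r *http.Request) {
	// Reset Key or Username not found, serve entering interface.
	// Fall back to the bundled icon when no vendor icon is installed.
	imgsrc := filepath.Join(vendorResRoot, "vendor_icon.png")
	if !fs.FileExists(imgsrc) {
		imgsrc = "./app/img/public/vendor_icon.png"
	}

	// Best effort: a missing logo only leaves the image empty on the page.
	imageBase64, _ := utils.LoadImageAsBase64(imgsrc)
	page, err := utils.Templateload("system/reset/resetCodeTemplate.html", map[string]interface{}{
		"vendor_logo": imageBase64,
		"host_name":   *host_name,
	})
	if err != nil {
		log.Println("[resetpw] unable to load reset code template:", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "text/html; charset=UTF-8")
	w.Write([]byte(page))
}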